Darren:
The primary weakness is that if you use a password to log into a
compromised system, your password may be collected. If you use that
password with other systems, the attacker can use your password to gain
access to those systems as well. By using public key authentication, you
never actually send your credentials to the host system, but rather just
proof that you are in possession of those credentials. Thus a compromised
remote host does not lead to a compromised private key.
-Matt
--On Saturday, September 22, 2001 12:45 AM +1000 Darren Reed
<[EMAIL PROTECTED]> wrote:
>
> Are there any inherent protocol weaknesses or flaws which arise when a
> password is used to login over ssh vs the public/private key method ?
> Besides the length of the secret, that is.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
